I am still wondering which takes first priority: "Iptables" or "Kernel Modules"?
With the help of iptables, say
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3000
I am redirecting the packets to port 3000. I am doing this on system startup. In my kernel module I am getting all the packets in preroute itself, processing them for my needs, and returning them to the kernel.
if (nf_register_hook(&pac_preroute_hook_ops) < 0) {
    printk("Failed to register pac_preroute_hook_ops.");
    return -1;
}
If a port 80 packet comes to the box, which takes priority? Does it first follow the iptables rule, or does it go directly into my custom module like all the other packets?
Iptables is the userland interface that handles the kernel module "Netfilter", so both cases you mention would be using the same hook.
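
As an added illustration (not code from either poster): netfilter calls every function registered on a hook point in ascending order of the .priority field of its nf_hook_ops, and on PREROUTING the mangle table sits at NF_IP_PRI_MANGLE (-150). This userspace C model shows where a module hook lands relative to the TPROXY rule; it assumes no two hooks share a priority and takes the module's priority and verdict as parameters because the post does not show them.

```c
/* Userspace model (not kernel code) of hook ordering on one netfilter hook. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values from the kernel's enum nf_ip_hook_priorities; lower runs first. */
enum { PRI_RAW = -300, PRI_CONNTRACK = -200, PRI_MANGLE = -150, PRI_NAT_DST = -100 };
enum { NF_DROP = 0, NF_ACCEPT = 1 };
struct hook { const char *name; int priority; int verdict; };

static int by_priority(const void *a, const void *b)
{
    int pa = ((const struct hook *)a)->priority;
    int pb = ((const struct hook *)b)->priority;
    return (pa > pb) - (pa < pb);
}

/* Call hooks in ascending priority; the first non-ACCEPT verdict ends the walk.
 * Names of the hooks that ran are written to out, comma-separated. */
static int traverse(struct hook *h, size_t n, char *out, size_t len)
{
    qsort(h, n, sizeof *h, by_priority);
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (i)
            strncat(out, ",", len - strlen(out) - 1);
        strncat(out, h[i].name, len - strlen(out) - 1);
        if (h[i].verdict != NF_ACCEPT)
            return h[i].verdict;   /* later hooks never see the packet */
    }
    return NF_ACCEPT;
}

/* PREROUTING with the built-in tables plus a module hook "pac" (constructed). */
int prerouting(int pac_priority, int pac_verdict, char *out, size_t len)
{
    struct hook h[] = {
        { "mangle",    PRI_MANGLE,    NF_ACCEPT },  /* holds the TPROXY rule */
        { "raw",       PRI_RAW,       NF_ACCEPT },
        { "nat",       PRI_NAT_DST,   NF_ACCEPT },
        { "conntrack", PRI_CONNTRACK, NF_ACCEPT },
        { "pac",       pac_priority,  pac_verdict },
    };
    return traverse(h, sizeof h / sizeof h[0], out, len);
}

int main(void)
{
    char buf[64];
    prerouting(PRI_MANGLE - 1, NF_ACCEPT, buf, sizeof buf);
    return puts(buf) == EOF;   /* prints the order with pac ahead of mangle */
}
```

A module hook that runs ahead of mangle and returns a verdict other than NF_ACCEPT keeps the iptables rule from ever seeing the packet, so the priority chosen for the module decides whether the firewall rule is enforced.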